package com.test.demo.security.controller;

import com.test.demo.security.dto.UserQueryDTO;
import com.test.demo.security.dto.UserRespDTO;
import io.swagger.v3.oas.annotations.Operation;
import io.swagger.v3.oas.annotations.security.SecurityRequirement;
import io.swagger.v3.oas.annotations.tags.Tag;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.web.bind.annotation.*;

@RestController
@RequestMapping("/api/user")
@Tag(name = "User", description = "普通用户相关接口")
@SecurityRequirement(name = "bearerAuth")   // 若使用 JWT，可启用
public class UserController {

    @GetMapping("/profile")
    @PreAuthorize("hasRole('USER')")
    @Operation(summary = "获取当前用户资料")
    public UserProfileDto getProfile() {
        return new UserProfileDto(1L, "张三", "zhangsan@example.com");
    }

    @PutMapping("/profile")
    @PreAuthorize("hasRole('USER')")
    @Operation(summary = "更新当前用户资料")
    public UserProfileDto updateProfile(@RequestBody UserProfileDto dto) {
        return dto; // 仅演示
    }
    @PostMapping("/info")
    @Operation(summary = "根据查询条件获取用户信息")
    public UserRespDTO getUser(@RequestBody UserQueryDTO query) {
        // 模拟业务
        UserRespDTO resp = new UserRespDTO();
        resp.setId(query.getId());
        resp.setName(query.getName());
        resp.setEmail(query.getName() + "@example.com");
        return resp;
    }
    // ---------- DTO ----------
    public record UserProfileDto(Long id, String name, String email) {}
}